முகப்பு » alerts » Apple Products Multiple Vulnerabilities

Apple Products Multiple Vulnerabilities

Components Affected
• Versions prior to macOS Sequoia 15.3
• Versions prior to macOS Sonoma 14.7.3
• Versions prior to macOS Ventura 13.7.3
• Versions prior to iPadOS 17.7.4
• Versions prior to iOS 18.3 and iPadOS 18.3
• Versions prior to tvOS 18.3
• Versions prior to visionOS 2.3
• Versions prior to Safari 18.3
• Versions prior to watchOS 11.3

Overview
Multiple vulnerabilities were identified in Apple Products. Where a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure, spoofing and data manipulation on the targeted system.

Description

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Details of the most severe vulnerabilities are as follows:
• A remote attacker may cause an unexpected application termination or arbitrary code execution. (CVE-2025-24137)
• A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. (CVE-2025- 24085)
• An app may be able to execute arbitrary code with kernel privileges. (CVE-2025-24159)
• An app with root privileges may be able to execute arbitrary code with kernel privileges. (CVE-2025-24153)
• An app may be able to elevate privileges. (CVE-2025-24156

Impact
• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Spoofing
• Data Manipulation

Solution/ Workarounds
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued from the vendor by updating to the below mentioned versions:
• macOS Sequoia 15.3
• macOS Sonoma 14.7.3
• macOS Ventura 13.7.3
• iPadOS 17.7.4
• iOS 18.3 and iPadOS 18.3
• tvOS 18.3
• visionOS 2.3
• Safari 18.3
• watchOS 11.3

Reference
• https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-couldallow-for-arbitrary-code-execution_2025-011
• https://www.hkcert.org/security-bulletin/apple-products-multiplevulnerabilities_20250128

Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind